Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2008-09-05 | 2.1 LOW | N/A |
| Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2005-4688 | 1 Punbb | 1 Punbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | |||||
| CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | |||||
| CVE-2005-4686 | 1 Punbb | 1 Punbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. | |||||
| CVE-2005-3079 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.6 MEDIUM | N/A |
| PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | |||||
| CVE-2005-3078 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. | |||||
| CVE-2005-1072 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | |||||